The subject matter discussed in the background section should not be assumed to be prior art merely as a result of its mention in the background section. Similarly, a problem mentioned in the background section or associated with the subject matter of the background section should not be assumed to have been previously recognized in the prior art. The subject matter in the background section merely represents different approaches, which in and of themselves may also be inventions.
In computer security, general access control includes authorization, authentication, and access approval. A more narrow definition of access control covers only access approval, whereby a computer system makes a decision to grant or reject an access request from an already authenticated requester, based on what the requester is authorized to access. Authentication and access control are often combined into a single operation, so that access is approved based on successful authentication, or based on an anonymous access token. Authentication methods and tokens include passwords, electronic keys, and monitoring by humans and computer systems. Access approval is a function that actually grants or rejects access to requests. During access approval, a computer system compares the formal representation of an authorization policy with the access request to determine whether the request shall be granted or rejected.
Although controlling access to data may be relatively straightforward for data of homogeneous origin, such as granting a company's employee access to read some data from the company's computer system, access rights become complicated for requests to access data of heterogeneous origin, such as when the company's employee requests to read data that is a combination of the company's data and data for which the company pays a license fee to access. Accordingly, it is desirable to provide techniques that enable a database system to control access to data of heterogeneous origin.